April 10th, 2015 | Sterling

50 Shades of Privacy Laws

Is Your Company at Risk? 4 Cases of Unconventional Employee Theft | SterlingBackcheck

  • Can you explain to your candidates why you’re requesting a certain type of background check?
  • Did you know that some parts of your company’s HR files may be subject to a privacy law, and others may not?
  • Do you understand what “employee personal information”, “personal information” and “work product information” mean, and how they are treated differently under the law?
  • Do you know why perusing social media for information about your employees may be more risky than it seems?
  • When a candidate or employee asks for copies of her HR files, do you know what you can (or must) give her and what you can (or must) withhold?

If the answer to any of these questions is no, it may be time to brush up on how privacy laws and best practices fit into your HR practice, especially with background checks, which are one of the most privacy-invasive parts of the employer-employee relationship.

Canada’s has many privacy laws – more than 20 – and it can seem daunting to determine which one(s) apply and how to comply with them. However, they tend to be broadly similar, so you can build consistent privacy standards into your organization’s policies, even if different rules apply in different jurisdictions. Before you do, you must understand the concepts that underpin Canadian privacy law, and consider the subtle ways these concepts apply to background screening.

For example, logging onto Facebook and viewing a candidate’s ‘public’ profile may expose you to personal information that is not appropriate for an employer to collect, such as religious affiliation, political convictions or information about third parties. The fact that the information is publicly available does not necessarily mean you can collect it. Police information also requires great care. If you send a candidate to his local police to obtain a Police Information Check, he may come back with a list of non-conviction interactions that have no bearing on your hiring decision, like a dispute with a neighbour or a suicide attempt. It seems like a catch-22: you need to get certain information to make a decision, but in getting it, you could end up with more than you bargained for.

But collecting personal information about an employee is fine – even excessive information – as long as he/she consents to it, right? Wrong. In some cases, consent is not enough – the information must be reasonably necessary to start, manage or terminate the employment relationship. In addition, there are legitimate questions as to whether employees or candidates can truly consent to sharing personal information with an employer. After all, if a job is on the line, are you really going to say no? Fortunately, consent is not always necessary when collecting personal information from an employee or candidate. In some cases, simply notifying the individual is sufficient.

While these problems may seem complicated, the reality is that you can protect yourself and your organization from these risks and demonstrate to your candidates, employees and the public that you respect their privacy. All you need is a solid understanding of how privacy laws apply to employee information, a well-thought-out background screening policy, and a partnership with a trusted provider that has built privacy protections into its services.

To learn more about best practices for collecting and using your employees’ personal information before, during and after an employment relationship, view our on-demand webinar: Employee Privacy: Are You Sure You’re Compliant?

This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.